Ubuntu 16.04 OpenVPN additional servers

To fix problems with additional DNS servers not being pushed on Ubuntu 16.04, try the following:

– disable the dnsmasq feature built into Network Manager

vim /etc/NetworkManager/NetworkManager.conf
# comment out below line
#dns=dnsmasq

– restart network manager

sudo systemctl restart network-manager

Now any DNS servers manually added or pushed by the VPN server will be used by your system.

AWS ECR anonymous pull proxy

One of the nice things about using AWS ECR is that everything is managed for you by AWS (infrastructure, patching, upgrades…), so you don’t need to worry too much about any of those. But you need to accept the limitations and, when possible, “fix” them.

One of the features which is not available on AWS ECR is anonymous pull.

There is a container which can be used for this purpose.
Before using the container, there are a few recommendations:

Install OpenXenManager in Linux Mint/Ubuntu

To install OpenXenManager in Linux Mint/Ubuntu, follow the steps below. The installation might be compatible with other Linux distributions.
Install the requirements.

apt-get install python-gtk2 glade python-gtk-vnc python-glade2 git

Download the source from the repo.

cd /usr/share
git clone https://github.com/OpenXenManager/openxenmanager.git

Create the start script.

vim /usr/bin/openxenmanager
#!/bin/sh
# OpenXenManager workaround for binary

test -d /usr/share/openxenmanager || exit 1;
cd /usr/share/openxenmanager;
python openxenmanager

Set the new file as executable.

chmod a+x /usr/bin/openxenmanager

To start OpenXenManager, run the command below on the console as a regular user (not root):

openxenmanager

Afterwards you should see the interface of the program.

CentOS / RedHat 6.5 Xtables-addons installation, also puppet xtables-addons

Here are the steps and a couple of tips on how to install xtables-addons on CentOS and RedHat 6.4 and 6.5. It might work on all 6.X releases. The centalt repo has rpms and srpms for versions 1.41 and 1.47.1, but I couldn’t use any of them on the above-mentioned installations.

I wrote a puppet module which installs xtables-addons and the update script. The module can be found at https://github.com/catalinpan/puppet-xtables-addons with some more explanation of how it can be used.

For the manual installation, start by updating your server, or skip to the next command.

How to use selinux on Centos 6.5

How to use SELinux on your Redhat/CentOS server.

Check if SELinux is enabled/disabled

sestatus

Disable SELinux enforcement on the fly (this switches to permissive mode: denials are still logged but no longer blocked)

setenforce 0

Re-enable SELinux enforcement on the fly

setenforce 1

Install the utilities needed to change SELinux policies

yum install policycoreutils policycoreutils-python
yum install -y setroubleshoot

Check for SELinux errors

cat /var/log/audit/audit.* /var/log/messages* | audit2allow

Create SELinux rules based on what was found in the logs

cat /var/log/audit/audit.* /var/log/messages* | audit2allow -M mysemanage

Apply the rules to the system

sudo semodule -i mysemanage.pp
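
A way to see what the generated module would allow before installing it, as an added example (not part of the original post): the script groups AVC denials by source type, target type, class and permission. The sample log lines are constructed, and the list of sensitive target types is an illustrative assumption.

```shell
#!/bin/sh
# Added example: group AVC denials so each one can be reviewed before
# audit2allow -M turns them into allow rules.

# Constructed sample audit records (not from a real system).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1400000000.101:210): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=3306 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1400000001.202:211): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=3306 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1400000002.303:212): avc:  denied  { read } for  pid=2150 comm="httpd" name="shadow" dev=dm-0 ino=1234 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=SYSCALL msg=audit(1400000002.303:212): arch=c000003e syscall=2 success=no exit=-13 comm="httpd"
EOF
}

# Read audit records on stdin and print one line per distinct denial:
#   count source_type target_type:class permissions
summarise_avc() {
    awk '
    function field(name,    i) {
        for (i = 1; i <= NF; i++)
            if (index($i, name "=") == 1)
                return substr($i, length(name) + 2)
        return ""
    }
    function type_of(ctx,    parts) {
        split(ctx, parts, ":")        # user:role:type:level
        return parts[3]
    }
    /avc:/ && /denied/ {
        perms = $0
        sub(/.*[{] */, "", perms)     # keep only the permission list
        sub(/ *[}].*/, "", perms)
        src = type_of(field("scontext"))
        tgt = type_of(field("tcontext"))
        count[src " " tgt ":" field("tclass") " " perms]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Keep only denials whose target type is on a review list. The list is an
# illustrative assumption; set it per site.
flag_sensitive() {
    grep -E ' (shadow_t|sshd_key_t):' || true
}

sample_audit_log | summarise_avc
```

On a real host, feed it the same input as the commands above: cat /var/log/audit/audit.* | summarise_avc.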

In case you run into trouble and your app is still blocked even after applying the pp file, use the following commands

Mount Amazon S3 to Centos 6.5/Redhat6.5 EC2 paravirtualized only

The below solution works only with a paravirtualized VM.

A very nice puppet module which does exactly the same installation can be found on GitHub.

https://github.com/MSMFG/puppet-s3fs

First remove the installed fuse packages:

yum remove fuse fuse* fuse-devel

Install all the required packages:

 yum install gcc libstdc++-devel gcc-c++ curl curl* curl-devel libxml2 libxml2* libxml2-devel openssl-devel mailcap vim wget -y

Navigate to the installation folder:

cd /usr/local/src

Download fuse and install:

wget http://downloads.sourceforge.net/project/fuse/fuse-2.X/2.9.3/fuse-2.9.3.tar.gz

tar -xvf fuse-2.9.3.tar.gz

mv fuse-2.9.3 fuse

cd fuse

./configure --prefix=/usr

make

make install

export PKG_CONFIG_PATH=/usr/lib/pkgconfig:/usr/lib64/pkgconfig/

ldconfig

modprobe fuse

pkg-config --modversion fuse

Install s3fs:

Add postfix SMTP sasl authentication with dovecot

In order to allow the clients to send emails using SMTP authentication, update the following files:

/etc/postfix/main.cf
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
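/etc/dovecot/conf.d/10-master.conf
service auth {
  # Socket that Postfix smtpd uses to reach the Dovecot auth service
  unix_listener /var/spool/postfix/private/auth {
    mode = 0600
    user = postfix
    group = postfix
  }
  # The auth process itself runs as this user
  user = $default_internal_user
}

service postfix reload
service dovecot restart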

This will allow a client like Outlook to authenticate for sending emails.

Nagios “Service check command ‘check_nrpe’ not defined anywhere” fix

Fix for:

Checking services…
Error: Service check command ‘check_nrpe’ specified in service ‘LOAD’ for host ‘server_name’ not defined anywhere!

To make check_nrpe work, add the following lines to /etc/nagios/objects/commands.cfg

define command{
        command_name check_nrpe
        command_line /usr/lib64/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
        }

Restart the nagios service afterwards.

The configuration on the server will look like:

define service {
        use                     generic-service
        host_name               server_name
        service_description     LOAD
        check_command           check_nrpe!check_load
        }

To test if the configuration is working:

Useful linux commands

This query, run from the mysql command line, shows all the MySQL users with the host and password columns from mysql.user.

select user,host,password from mysql.user order by user;

Useful command to add an ssh key.

cat your_id_rsa.pub >> ~/.ssh/authorized_keys

SSH chain login.

ssh -A -t user@server1 ssh -A -t user@server2 ssh -A user@server3

Find in specific files and replace

grep -rlZ --include='*.xml' oldname /var/www/html | xargs -0 sed -i 's/oldname/newname/g'

Test CPU waiting time caused by I/O (IOPS)

iostat -mx 1

Add ssh key to a remote server with a single command

Trac server installation on CentOS 6.4 with apache, MySQL and wsgi

The documentation on the Trac website is clear, but I was on the wrong track trying to use fcgi on CentOS to get that Trac server working. After a couple of days of research, this is my solution to install (migrate) the Trac server.

##Start with epel and remi repo installation##

rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm

##Enable remi repo

vi /etc/yum.repos.d/remi.repo

##Change the first “enabled=0” to “enabled=1”;
## Because the previous server was using MySQL with utf8mb4 database, I had to install mysql 5.5
##Check first what version of mysql will be installed